St Andrews: Final Report

Beneficiaries // Objectives // Publications // Summary


In addition to the scientific community, we can identify three broad categories of beneficiary: companies, regulators and the wider society.

Companies: Companies supplying systems, components and services used in the development of dependable systems will be direct beneficiaries of the new mechanisms, techniques and processes developed under the proposed project.
Regulators: We believe our work will inform established regulatory practice and allow the identification of new approaches to governance. The development of soundly-based assessment practice will offer significant improvements in observed dependability and will provide a competitive advantage to firms operating within a well informed regulatory context.
Wider society: We believe the work of the proposed project will facilitate timely, safe deployment of innovative products in a variety of domains (e.g. medical devices with safety requirements, e-commerce developments with security requirements).

Interactions with beneficiaries will be via - Interactions with our partners (Voca, British Energy, Qinetiq, CAA) and their supply chain and other key players in the industry sectors - The Scientific and Business Advisory Board composed of senior and influential representatives from academia and our industrial partners - Spin-off projects - Other dissemination activities such as Continuing Professional Development courses.


The main objectives of the research at proposal time

This project tackles the design challenge of dependability in computer-based systems. The overall objective is to support, via an interdisciplinary appraoch that takes into account the characteristics and behaviours of machines, individuals and organisations, the design of dependable socio-technical systems and to be able to assess and communicate this dependability convincingly.This high-level objective encompasses these more detailed, interdependent ones:

  1. to develop ways of using time as a unifying abstraction for structuring dependable systems, by developing the DIRC time band model as it relates to system structure and the design of dependable systems and deriving a notation, language, logic.

  2. to address adaptation mechanisms and diversity within socio-technical systems, developing probabilistic models and tools that designers and assessors can use to gain insights and make explicit design trade-offs.

  3. to develop notations, tools and guidelines for modelling organisational responsibility and the underlying trust relations, with a particular emphasis on the evolution of responsibility and trust.

  4. to develop techniques for using these models, in conjunction with other system representations, to support the design of socio-technical systems and their associated dependability cases.

  5. to develop an approach to dependability cases that treats confidence, and the diversity of arguments often required to achieve confidence, in a technically sound manner with a supporting modelling language and pragmatics (case studies, templates).

  6. to incorporate time as a structuring mechanism and viewpoint on the case.

In addition, we intend to train a significant number of PhD students, essential for developing the next generation of dependability researchers.

The main objectives of the research at report time

This was a collaborative project and the above statement includes the objectives for all partners. The objectives were not changed in a significant way although we decided that the use of time bands as a unifying mechanism across all of the project partners (York, City, Edinburgh) was inappropriate. The work at St Andrews focused on the development of responsibility models and this was completed as planned.

Key sub-objectives in this area were:

  1. To develop a notation for modelling responsibilities in multi-agency socio-technical systems. Completed successfully.

  2. To demonstrate the utility of this approach in a range of different domains. Demonstrated in domains of civil contingency planning, e-voting and national infrastructure analysis.


Journal publications

  1. Observations of the Scottish Elections, 2007. (2008). Professor Ian Sommerville, Dr Russell Lock, Dr Tim Storer, Miss Natalie Harvey & Mr Conrad Hughes. Transforming Government: People, Process and Policy. 2(2), 104-118.

  2. Responsibility Modelling for Civil Emergency Planning. (2009). Professor Ian Sommerville, Dr Russell Lock & Dr Tim Storer. Risk Management. 11, 179-207.

Conference publications

  1. Deriving Information Requirements from Responsibility Models. (2009). Professor Ian Sommerville, Dr Russell Lock, Dr Tim Storer & Professor John Dobson. Proc. CAiSE 2009. 21st International Conference on Advanced Information Systems Engineering. 515-529.

  2. Responsibility Modelling for Risk Analysis. (2009). Professor Ian Sommerville, Dr Russell Lock & Dr Tim Storer. Proc. ESREL 2009. 1103-1109.

  3. Modelling and Analysis of Socio-Technical Systems of Systems. (2010). Professor Ian Sommerville & Dr Russell Lock. 15th IEEE International Conference on Engineering of Complex Computer Systems. 224-233.


The research was concerned with finding a way to represent responsibilities in complex systems involving different organisations. The rationale for the work was that many system failures are 'responsibility failures' where people or organisations fail to discharge a responsibility as expected by other agents in the system. By explicitly representing and analysing these responsibilities, we hoped to find system vulnerabilities that could be addressed before system failure occurred.

The basis representation was deliberately simplified to make it readily accessible to industrial users. We model a socio- technical system using three constructs - responsibilities, agents who are assigned these responsibilities and resources used by these agents. The notation was developed originally using the domain of civil contingency management where we modelled flood and nuclear emergency planning. We have developed an approach based on HAZOPS to analyse responsibility models and to detect areas of potential vulnerability.

An interesting and unexpected application of the work was in supporting the derivation of software requirements for packaged software systems where the system functionality is pre-defined and the primary requirements are information requirements defining the information used by agents interacting with the system.

We are now developing the work in 2 directions - the modelling of complex systems of systems (it is being used in the EPSRC LSCITS programme) and in critical infrastructure analysis with Strathclyde Police. This latter application has been funded by a Pathways to Impact award. It is anticipated that further publications will result from this work.